Total: 210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-39416 | 1 Remoteclinic | 1 Remote Clinic | 2021-11-08 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple Cross Site Scripting (XSS) vulnerabilities exist in Remote Clinic v2.0 in (1) patients/register-patient.php via the (a) Contact, (b) Email, (c) Weight, (d) Profession, (e) ref_contact, (f) address, (g) gender, (h) age, and (i) serial parameters; in (2) patients/edit-patient.php via the (a) Contact, (b) Email, (c) Weight, Profession, (d) ref_contact, (e) address, (f) serial, (g) age, and (h) gender parameters; in (3) staff/edit-my-profile.php via the (a) Title, (b) First Name, (c) Last Name, (d) Skype, and (e) Address parameters; and in (4) clinics/settings.php via the (a) portal_name, (b) guardian_short_name, (c) guardian_name, (d) opening_time, (e) closing_time, (f) access_level_5, (g) access_level_4, (h) access_level_3, (i) access_level_2, (j) access_level_1, (k) currency, (l) mobile_number, (m) address, (n) patient_contact, (o) patient_address, and (p) patient_email parameters. | |||||
| CVE-2021-39413 | 1 Seopanel | 1 Seo Panel | 2021-11-08 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple Cross Site Scripting (XSS) vulnerabilities exist in SEO Panel v4.8.0 via the (1) to_time parameter in (a) backlinks.php, (b) analytics.php, (c) log.php, (d) overview.php, (e) pagespeed.php, (f) rank.php, (g) review.php, (h) saturationchecker.php, (i) social_media.php, and (j) reports.php; the (2) from_time parameter in (a) backlinks.php, (b) analytics.php, (c) log.php, (d) overview.php, (e) pagespeed.php, (f) rank.php, (g) review.php, (h) saturationchecker.php, (i) social_media.php, (j) webmaster-tools.php, and (k) reports.php; the (3) order_col parameter in (a) analytics.php, (b) review.php, (c) social_media.php, and (d) webmaster-tools.php; and the (4) pageno parameter in (a) alerts.php, (b) log.php, (c) keywords.php, (d) proxy.php, (e) searchengine.php, and (f) siteauditor.php. | |||||
| CVE-2019-12395 | 1 Dynmap Project | 1 Dynmap | 2021-11-08 | 5.0 MEDIUM | 5.3 MEDIUM |
| In Webbukkit Dynmap 3.0-beta-3 or below, due to a missing login check in servlet/MapStorageHandler.java, an attacker can see a map image without logging in even if the victim enables login-required in the settings. | |||||
| CVE-2017-3832 | 1 Cisco | 2 Wireless Lan Controller, Wireless Lan Controller Firmware | 2021-11-08 | 7.8 HIGH | 7.5 HIGH |
| A vulnerability in the web management interface of Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a missing internal handler for the specific request. An attacker could exploit this vulnerability by accessing a specific hidden URL on the GUI web management interface. A successful exploit could allow the attacker to cause a reload of the device, resulting in a DoS condition. This vulnerability affects only the Cisco Wireless LAN Controller 8.3.102.0 release. Cisco Bug IDs: CSCvb48198. | |||||
| CVE-2021-25505 | 1 Samsung | 1 Samsung Pass | 2021-11-08 | 6.8 MEDIUM | 7.8 HIGH |
| Improper authentication in Samsung Pass prior to 3.0.02.4 allows use of the app without authentication when the lockscreen is unlocked. | |||||
| CVE-2020-23686 | 1 Ayacms Project | 1 Ayacms | 2021-11-08 | 6.8 MEDIUM | 8.8 HIGH |
| Cross site request forgery (CSRF) vulnerability in AyaCMS 3.1.2 allows attackers to change an administrator's password or cause other unspecified impacts. | |||||
| CVE-2021-25502 | 1 Google | 1 Android | 2021-11-08 | 2.1 LOW | 5.5 MEDIUM |
| A vulnerability of storing sensitive information insecurely in Property Settings prior to SMR Nov-2021 Release 1 allows attackers to read the ESN value without privilege. | |||||
| CVE-2020-7483 | 2 Microsoft, Schneider-electric | 4 Windows 7, Windows Nt, Windows Xp and 1 more | 2021-11-08 | 5.0 MEDIUM | 7.5 HIGH |
| **VERSION NOT SUPPORTED WHEN ASSIGNED** A vulnerability could cause certain data to be visible on the network when the 'password' feature is enabled. This vulnerability was discovered in and remediated in versions v4.9.1 and v4.10.1 on May 30, 2013. The 'password' feature is an additional optional check performed by TS1131 that it is connected to a specific controller. This data is sent as clear text and is visible on the network. This feature is not present in TriStation 1131 versions v4.9.1 and v4.10.1 through current. Therefore, the vulnerability is not present in these versions. | |||||
| CVE-2021-20839 | 1 Antennahouse | 1 Office Server Document Converter | 2021-11-08 | 4.3 MEDIUM | 6.5 MEDIUM |
| Office Server Document Converter V7.2MR4 and earlier and V7.1MR7 and earlier allows a remote unauthenticated attacker to conduct an XML External Entity (XXE) attack to cause a denial of service (DoS) condition to the other servers by processing a specially crafted XML document. | |||||
| CVE-2021-20838 | 1 Antennahouse | 1 Office Server Document Converter | 2021-11-08 | 5.0 MEDIUM | 7.5 HIGH |
| Office Server Document Converter V7.2MR4 and earlier and V7.1MR7 and earlier allows a remote unauthenticated attacker to conduct an XML External Entity (XXE) attack to cause a denial of service (DoS) condition by processing a specially crafted XML document. | |||||
| CVE-2021-39912 | 1 Gitlab | 1 Gitlab | 2021-11-08 | 5.0 MEDIUM | 5.3 MEDIUM |
| A potential DoS vulnerability was discovered in GitLab CE/EE starting with version 13.7. Using a malformed TIFF image, it was possible to trigger memory exhaustion. | |||||
| CVE-2021-39902 | 1 Gitlab | 1 Gitlab | 2021-11-08 | 4.0 MEDIUM | 4.3 MEDIUM |
| Incorrect Authorization in GitLab CE/EE 13.4 or above allows a user with guest membership in a project to modify the severity of an incident. | |||||
| CVE-2021-39907 | 1 Gitlab | 1 Gitlab | 2021-11-08 | 5.0 MEDIUM | 5.3 MEDIUM |
| A potential DoS vulnerability was discovered in GitLab CE/EE starting with version 13.7. The stripping of EXIF data from certain images resulted in high CPU usage. | |||||
| CVE-2021-39906 | 1 Gitlab | 1 Gitlab | 2021-11-08 | 4.3 MEDIUM | 6.1 MEDIUM |
| Improper validation of ipynb files in GitLab CE/EE version 13.5 and above allows an attacker to execute arbitrary JavaScript code on the victim's behalf. | |||||
| CVE-2021-21698 | 1 Jenkins | 1 Subversion | 2021-11-08 | 5.0 MEDIUM | 7.5 HIGH |
| Jenkins Subversion Plugin 2.15.0 and earlier does not restrict the name of a file when looking up a subversion key file on the controller from an agent. | |||||
| CVE-2021-39895 | 1 Gitlab | 1 Gitlab | 2021-11-08 | 2.1 LOW | 4.5 MEDIUM |
| In all versions of GitLab CE/EE since version 8.0, an attacker can set the pipeline schedules to be active in a project export so when an unsuspecting owner imports that project, pipelines are active by default on that project. Under specialized conditions, this may lead to information disclosure if the project is imported from an untrusted source. | |||||
| CVE-2021-21697 | 1 Jenkins | 1 Jenkins | 2021-11-08 | 6.4 MEDIUM | 9.1 CRITICAL |
| Jenkins 2.318 and earlier, LTS 2.303.2 and earlier allows any agent to read and write the contents of any build directory stored in Jenkins with very few restrictions. | |||||
| CVE-2021-21696 | 1 Jenkins | 1 Jenkins | 2021-11-08 | 7.5 HIGH | 9.8 CRITICAL |
| Jenkins 2.318 and earlier, LTS 2.303.2 and earlier does not limit agent read/write access to the libs/ directory inside build directories when using the FilePath APIs, allowing attackers in control of agent processes to replace the code of a trusted library with a modified variant. This results in unsandboxed code execution in the Jenkins controller process. | |||||
| CVE-2021-39901 | 1 Gitlab | 1 Gitlab | 2021-11-08 | 4.0 MEDIUM | 2.7 LOW |
| In all versions of GitLab CE/EE since version 11.10, an admin of a group can see the SCIM token of that group by visiting a specific endpoint. | |||||
| CVE-2021-25503 | 2 Google, Samsung | 2 Android, Exynos | 2021-11-08 | 4.6 MEDIUM | 6.7 MEDIUM |
| Improper input validation vulnerability in HDCP prior to SMR Nov-2021 Release 1 allows attackers to execute arbitrary code. | |||||
